Interested in training for your team? Click here to learn more

Employee Privacy and Data Protection Under CPRA and Other State Laws

Rights of Access, Deletion, Correction, and Opt-Out of Sale

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, September 13, 2022

Recorded event now available

or call 1-800-926-7926

This CLE webinar will advise employment attorneys on the potential liability and claims that may arise under the California Privacy Rights Act (CPRA) and other state privacy laws. The panel will discuss employees' rights, including access, deletion, and correction, to data that their employers retain about them. The panel will address how to mitigate the risks of such potential claims and what employers should consider regarding data retention moving forward.


On Jan. 1, 2023, businesses subject to the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA) will need to reconsider their privacy practices concerning their customers' personal information and their employees’ personal information.

Businesses subject to the CPRA must draft new, or update existing, personnel privacy policies that disclose the personal information they collect in the employment context, including employees, job applicants, and contractors. Privacy policies will now need to include additional disclosures regarding data retention periods or criteria used to determine such periods and more detailed disclosures regarding types of data collected, including sensitive data. Updated privacy policies will also need to offer employees certain rights that formerly only applied to other types of consumers, such as website users and customers, under the CPRA.

Businesses must consider where to display and disclose these privacy notices as they must be available at the time of collection. Thus, companies should include the privacy notices on job applications and recruiting website pages and, for existing personnel, distribute internally in addition to posting on the business intranet.

Under the CPRA, personnel can request access to data retained by the business or ask that such data be deleted, and subject to a few exceptions, companies will need to act swiftly within the mandated 45-day period (with an optional 45-day extension) to provide or delete data. Employees will acquire other rights, such as the right to correct inaccurate data about them and to restrict the use of sensitive information in employee files.

Businesses with personnel across various states should consider if they want to offer the same rights to all personnel or only California-based personnel. Other state laws differ, further complicating the landscape and considerations. Before starting to update any documents, businesses must have a clear understanding of their data collection practices.

A business must conduct detailed data mapping exercises to know where their data is stored, not only to update their policies but also to appropriately and efficiently respond to a user's request for access, deletion, or correction. Businesses will need to update their privacy and data retention policies and practices.

Listen as our expert panel discusses how the CPRA directly affects employee data collection and retention and how this law will ultimately affect employee policies and practices.



  1. California Privacy Rights Acts
    1. Employers affected
    2. Employee rights
      1. Right of access
      2. Right of deletion
      3. Right of correction
      4. Right to restrict sensitive information
      5. Right to opt-out of the sale
  2. Other state privacy laws and employment


The panel will address these and other key topics:

  • Which employers are affected by the CPRA?
  • What rights do employees gain under the CPRA?
  • How will the CPRA affect future employee data collection and retention?


Groden, Darcey
Darcey M. Groden, CIPP/US

Fisher & Phillips

Ms. Groden is a Certified Information Privacy Professional/United States (CIPP/US) and a member of the firm’s...  |  Read More

Kelso, Brad
Brad Kelso

Managing Partner

Mr. Kelso helps firms deliver data- and user-centered products and SaaS solutions that meet financial, data compliance,...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video